C# – credentialcache.defaultcredentials returning wrong user credentials

asp.netauthenticationcweb services

I have a ASP.NET Website (.NET 2 IIS 5.1) running on machine A with Integrated Windows Authentication enabled. It has a user Automation.
When I connect to it from machine B with user 'Ganesh', I am prompted to enter username & password (by IE itself).

CASE 1:
If I DONT save the credentials using remember my password option:
I get connected to the website.However later internally I need to connect to a webservice to get some details (via code). To to that, the code first sets the credentials to default credentials.

statusService.Credentials = CredentialCache.DefaultCredentials;

Now here the logged in user 'Ganesh' credentials are passed for some reason. (I found that using logon audits logging at the server)

Hence when I call the service:

m_LicenseStatus = statusService.GetLicenseStatus(out m_dNoEvalDays);

I get HTTP 401 Unauthorized exception.

CASE 2:
If I save the credentials using remember my password option:

'Automation' user credentials are passed & the call is successful.

Hence my question is why do I need to save the credentials? It is a necessity or have I missed something?

Best Answer

I contacted Microsoft about this issue.

Following were the recommendations:

http://blogs.msdn.com/jpsanders/archive/2009/09/03/using-httpwebrequest-with-credential-manager.aspx I opted for a note to be included in known issues list of my software. Hope this helps.

Related Solutions

R – Impersonation fails authorization with same credentials on workstation A and B

My knowledge of authentication is a bit hazy, but if I understood your description correctly:

in the first case, you're browsing to localhost, which is impersonating the caller, then calling a web service on a different machine. The impersonation is being done on the same machine as the client. I believe in this case, the impersonating application doesn't need to be on a machine that is trusted for delegation (because it's already the same machine as the client).
in the second case, you're browsing to a different PC, which is attempting to impersonate the caller when calling a third PC. In this case, the PC in the middle would need to be trusted for delegation (which it presumably won't be if it's a development workstation).

C# – Returning IEnumerable vs. IQueryable

Yes, both will give you deferred execution.

The difference is that IQueryable<T> is the interface that allows LINQ-to-SQL (LINQ.-to-anything really) to work. So if you further refine your query on an IQueryable<T>, that query will be executed in the database, if possible.

For the IEnumerable<T> case, it will be LINQ-to-object, meaning that all objects matching the original query will have to be loaded into memory from the database.

In code:

IQueryable<Customer> custs = ...;
// Later on...
var goldCustomers = custs.Where(c => c.IsGold);

That code will execute SQL to only select gold customers. The following code, on the other hand, will execute the original query in the database, then filtering out the non-gold customers in the memory:

IEnumerable<Customer> custs = ...;
// Later on...
var goldCustomers = custs.Where(c => c.IsGold);

This is quite an important difference, and working on IQueryable<T> can in many cases save you from returning too many rows from the database. Another prime example is doing paging: If you use Take and Skip on IQueryable, you will only get the number of rows requested; doing that on an IEnumerable<T> will cause all of your rows to be loaded in memory.

Related Topic